git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [VOTE] Apache CloudStack 4.11.2.0 RC5


Hi Rohit

I think I've found something regarding memory issues with vmware:
Schema-update only updates default system-vm, but not newly registered ones:

https://github.com/apache/cloudstack/blob/master/engine/schema/src/main/resources/META-INF/db/schema-41000to41100.sql:
448: -- Use 'Other Linux 64-bit' as guest os for the default systemvmtemplate for VMware
449: -- This fixes a memory allocation issue to systemvms on VMware/ESXi
450: UPDATE `cloud`.`vm_template` SET guest_os_id=99 WHERE id=8;

When I registered the new templates I selected Debian something as OS type. I now changed this to "Other Linux (64bit)", which is what above update is doing, and I can see significantly less memory used by VRs. I do not understand the reasons behind this behavior, I tried also other settings (Debian 9 64-bit, Other 3.x Linux), neither seem to handle memory well...

As for the VPN part, you suggested
> you can build a custom systemvm.iso file with those settings.
Is it possible to simply replace the systemvm.iso file on mgmt-server, remove it from secondary and restart mgmt-server? Maybe you can point me here in the right direction.

Thanks,
Sam


> -----Original Message-----
> From: Rohit Yadav <rohit.yadav@xxxxxxxxxxxxx>
> Sent: Dienstag, 20. November 2018 12:55
> To: dev@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [VOTE] Apache CloudStack 4.11.2.0 RC5
> 
> Hi Samuel,
> 
> 
> Thanks for your email. I've opened this ticket for your first issue:
> https://github.com/apache/cloudstack/issues/3039
> 
> Please follow René's advice to (a) try increase the VR memory and see if it
> helps, (b) have a script for reducing memory over time. We'll also work with
> the systemd project to see if they can fix and backport this for Debian 9.6+.
> 
> 
> For your second issue, in 4.9 which used a Debian7 based VR and openswan
> for VPN, we've moved to strongswan. If your external Cisco
> endpoint/integration can work with strongswan, please create a VPC VR and
> manipulate the strongswan configs in that VR and share your results or send
> a PR, the changes need to be in one of the python files such as configure.py.
> The #2 issue is very specific to your environment and is not a general error, if
> you're able to optimize the configuration for a VR, you can build a custom
> systemvm.iso file with those settings. In addition, you can send a PR or
> submit a Github issue with details, logs, configurations etc:
> https://github.com/apache/cloudstack/issues
> 
> 
> I think both the issues are not general blockers and should not void 4.11.2.0
> voting.
> 
> 
> - Rohit
> 
> <https://cloudstack.apache.org>
> 
> 
> 
> ________________________________
> From: Zehnder, Samuel <zehnder@xxxxxxxxxxx>
> Sent: Monday, November 19, 2018 9:13:04 PM
> To: dev@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [VOTE] Apache CloudStack 4.11.2.0 RC5
> 
> 
> Hi Group
> 
> First, sorry that I wasn't able to use the mailto-link for the reply. It somehow
> did not work..
> 
> 
> 
> After Upgrading from 4.9 to 4.11 we are seeing two issues with vRouter
> systemVMs:
> 
> 
> 
> 1) Memory Consumption on vSphere
> 
> vRouter are starting to swap with low memory available, this also starts
> happening after increasing memory size to 512m. Interestingly, there's no
> process nor cache using the memory as far as "top", "ps", or other tools
> report.
> 
> 
> 
> 2) Site-2-Site VPN
> 
> a) After a restart of the VPC (vRouter rebuild) VPN Tunnels are not
> configured on vRouter. This has to be triggered manually with a call to
> resetVpnConnection API.
> 
> b) StrongSwan configuration does not work well with Cisco endpoints, I've
> found following inputs:
> 
>   - multiple "rightsubnet=" entries are not supported with ikev1 [1], so
> multiple conns should be configured instead
> 
>   - multiple subnets are supported with ikev2, but not with Cisco endpoints,
> use multiple conns as well [2]
> 
> 
> 
> For me it is unclear, what script should be modified for above issues, one of
> those look promising:
> 
> https://github.com/apache/cloudstack/blob/master/systemvm/debian/opt/
> cloud/bin/ipsectunnel.sh
> 
> https://github.com/apache/cloudstack/blob/master/systemvm/debian/opt/
> cloud/bin/configure.py
> 
> 
> 
> Regards,
> 
> Sam
> 
> 
> 
> [1]
> https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection#leftrigh
> t-End-Parameters
> 
> [2] https://serverfault.com/questions/904028/strongswan-to-cisco-asa-with-
> multiple-right-subnet
> 
> 
> 
> rohit.yadav@xxxxxxxxxxxxx
> www.shapeblue.com
> Amadeus House, Floral Street, London  WC2E 9DPUK @shapeblue
> 
> 

Attachment: smime.p7s
Description: S/MIME cryptographic signature